Kousuke Ebihara discovered that redcloth, a Ruby module used to convert Textile markup to HTML, did not properly sanitize its input. This allowed a remote attacker to perform a cross-site scripting attack by injecting arbitrary JavaScript code into the generated HTML.

For the stable distribution (wheezy), this problem has been fixed in version 4.2.9-2+deb7u2.

For the unstable distribution (sid), this problem has been fixed in version 4.2.9-4.

We recommend that you upgrade your ruby-redcloth packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/